Latest Information Security news from ireland and around the world

Amazon Echo hacked

Researchers at MWR have demonstrated a new way to attack Amazon’s “smart speaker”, turning it into a wiretap hiding in plain sight.

By reverse engineering the Echo the hackers were able to treat it like just another computer running Linux, and from there do as they please. The attack requires physical access to an Echo but having compromised a device an attacker could:

…[get] persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device.

The authors advise that the 2017 version of the Echo is not vulnerable and that the mute button on top of the Echo continues to work on hacked devices.

Prankster fools White House

A British email prankster is making it a habit of tricking White House staffers into believing he’s different key members of the White House staff and the Trump family.

The perpetrator, who goes by the name “Evil Prankster,” appears to have used little more than an Outlook account and mobile device to impersonate President Donald Trump’s sons Eric and Donald Trump Jr., as well as his son-in-law and senior advisor Jared Kushner and recently removed White House Chief of Staff Reince Priebus. He’s also had exchanges while impersonating Priebus with recently ousted White House Communications Director Anthony Scaramucci.

“Evil Prankster” has been sharing screenshots of his exchanges with government officials via Twitter, including email exchanges with former Utah governor and recently nominated US Ambassador to Russia John Huntsman Jr., while impersonating Eric Trump, and an exchange with Homeland Security Advisor Tom Bossert while presenting himself as Kushner.

In some of the exchanges, the prankster even convinced his targets to give up their personal email addresses.

“We take all cyber-related issues very seriously and are looking into these incidents further,” White House Press Secretary Sarah Huckabee Sanders told CNN.

Amazon’s no longer feeling Blu

Budget Android phones Blu have been taken off Amazon’s digital shelves following the discovery of a ‘possible security issue’.

CNET reports concerns that pre-installed spying software on the phones was collecting data and sending it to servers in China, without users’ knowledge.

Blu refuted any claims of wrongdoing, explaining:

The data that is currently being collected is standard for OTA functionality and basic informational reporting. This is in line with every other smartphone device manufacturer in the world. There is nothing out of the ordinary that is being collected, and certainly does not affect any user’s privacy or security.

However, Amazon isn’t taking chances with its customers’ privacy and security, and won’t be selling the handsets again “until the issue is resolved”.